Beginner

Whitelist IP from IPS

Have a pair of 5515-IPS that are having a pen test done soon. We need to whitelist the pen test company IP addr from the IPS module.

Does anyone have any suggestions on how to do this? Had thought of possibly excluding those addresses from the policy map and/or class map but not sure which one or how to do that.

TIA


5 Replies
VIP Advisor

Re: Whitelist IP from IPS

Just exclude them from policy-map.
Beginner

Re: Whitelist IP from IPS

Thanks for that

At the moment all traffic is sent via IPS just under the global policy map. What would be the best way to exclude the 2 IP addresses that need to be whitelisted?
Hall of Fame Master (accepted solution)

Re: Whitelist IP from IPS

If your IPS class map currently uses a "match any", then just change it to "match access-list <acl name>".

Make the ACL simple - first deny the pen testing address(es) then permit all.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wpxref87994
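The configuration the accepted solution describes, written out as an added example (not from the original thread or from Cisco's documentation). In ASA Modular Policy Framework a "deny" entry in an ACL referenced by "match access-list" means that traffic is not matched by the class, so it is never handed to the IPS module; everything hitting the closing "permit ip any any" is still redirected. The class-map and ACL names (IPS-CLASS, IPS-BYPASS-ACL) and the two addresses (203.0.113.10 and 203.0.113.11, from the RFC 5737 documentation range) are placeholders; substitute the class name from your running global_policy and the pen test company's real source addresses. Each address is denied as both source and destination so that connections initiated in either direction are skipped, which is an assumption about how the test will be run rather than something the thread states.

```cisco
! Added example, not part of the original post. IPS-CLASS, IPS-BYPASS-ACL and the
! 203.0.113.x addresses are placeholders; replace them with the names and addresses
! from your own running config and the pen test scope document.
!
! 1. The ACL: deny ACEs exclude traffic from the class (so it bypasses the IPS module),
!    the final permit keeps every other flow going to the sensor.
access-list IPS-BYPASS-ACL extended deny ip host 203.0.113.10 any
access-list IPS-BYPASS-ACL extended deny ip any host 203.0.113.10
access-list IPS-BYPASS-ACL extended deny ip host 203.0.113.11 any
access-list IPS-BYPASS-ACL extended deny ip any host 203.0.113.11
access-list IPS-BYPASS-ACL extended permit ip any any
!
! 2. Swap the class-map from "match any" to the ACL. The match statements are mutually
!    exclusive, so remove the existing one before adding the ACL match.
class-map IPS-CLASS
 no match any
 match access-list IPS-BYPASS-ACL
!
! 3. The policy-map entry that sends the class to the IPS SSP does not change;
!    it is shown only for context (the fail-open/fail-close mode is whatever you run today).
policy-map global_policy
 class IPS-CLASS
  ips inline fail-open
!
! 4. Verify before the engagement starts: the class should reference the ACL, and the
!    deny ACEs should accumulate hit counts once the testers begin scanning.
! show running-config class-map
! show access-list IPS-BYPASS-ACL
! show service-policy global
```

Two caveats worth keeping in mind: this only removes the pen tester's traffic from the IPS module, so the ASA's own interface ACLs, NAT and protocol inspections still apply to it exactly as before; and once the engagement is over, reverting is just "match any" back in the class-map (or leaving the ACL in place with the deny lines removed), so record the change window.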

Beginner

Re: Whitelist IP from IPS

And doing that will effectively whitelist the pen test addresses from the IPS module and cause them to bypass that side of things?

Just wanting to make sure I've understood correctly
Hall of Fame Master

Re: Whitelist IP from IPS

Correct. The Pen testing address(es) never get evaluated by the IPS module if you do that.